BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

GitHub Malware Steals Python Repos via Force-Pushing

Hackers force-push malware into Python repos via stolen GitHub tokens.

  • A GitHub account takeover campaign uses stolen tokens to inject malware into hundreds of Python repositories.
  • The malicious code, part of the GlassWorm/ForceMemo campaign, targets users who clone or install from compromised repos.
  • The payload retrieves instructions from a Solana wallet transaction memo, a signature linked to previous GlassWorm activity.
  • Attackers rewrite Git history via force-pushing, leaving no visible trail in GitHub’s interface.

On March 8, 2026, the cybersecurity firm StepSecurity uncovered a sophisticated attack campaign compromising hundreds of Python repositories on GitHub by force-pushing malicious code. Dubbed ForceMemo, this offshoot of the ongoing GlassWorm malware operation exploits stolen developer credentials to alter project files and infect downstream users.

- Advertisement -

According to StepSecurity, the attackers target projects including Django apps and PyPI packages by appending obfuscated malware to key files. “Anyone who runs pip install from a compromised repo or clones and executes the code will trigger the malware,” the company said. This methodology rewrites Git history via rebasing, preserving original commit details to evade detection.

The injected payload contains checks to avoid systems with Russian locales. Consequently, it fetches its commands by querying the transaction memo of a specific Solana wallet previously linked to GlassWorm campaigns. This server then delivers encrypted JavaScript designed to steal cryptocurrency and sensitive data from victims.

Meanwhile, Socket noted the core threat actor has refined its techniques for improved evasion. The actor leverages extension dependencies in a transitive distribution model, as detailed in a previous report. Furthermore, Aikido Security attributed a separate mass repository compromise using invisible Unicode characters to the same actor.

The consistent use of the same Solana command infrastructure confirms ForceMemo is a new delivery vector for the established GlassWorm threat actor. StepSecurity emphasized the unique nature of this attack, stating “No other documented supply chain campaign uses this injection method” of silent force-pushing.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Apple Stock Nears $323 Target Amid Rally Momentum

Apple stock trades above key moving averages, signaling strength toward the $323.35 target rangeTechnical...

France orders Polymarket block over illegal gambling

France’s National Gambling Authority (ANJ) ordered ISPs to block Polymarket, deeming prediction markets illegal...

ChartUp Solana Volume Bot: An All-in-One Toolkit Review

Solana teams often assemble testing workflows from unrelated scripts, wallets, dashboards, and venue-specific services....

ChartUp Solana Volume Booster: Random Trade Size Tests

A private Solana test becomes less informative when every swap repeats the same value....

WordPress core hit by zero-click RCE bug, patch now live

WordPress patched a pre-authentication remote code execution flaw in versions 6.9.5 and 7.0.2 on...

Must Read

Are Cryptocurrency Securities?

TL;DR - Cryptocurrencies are not typically considered securities, as they are decentralized digital assets that operate independently of any central authority or government. However,...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading